
User Story #1382 (accepted)

Opened 11 years ago

Last modified 8 years ago

Improve LDAP support

Reported by: jamoore Owned by: jamoore
Priority: critical Milestone: Unscheduled
Component: Deployment Keywords: n.a.
Cc: jay_copeland@…, stephen.ogg@…, FCORNELI@…, atarkowska, cxallan Story Points: n.a.
Sprint: n.a. Importance: n.a.
Total Remaining Time: 9.0d Estimated Remaining Time: n.a.

Change History (14)

comment:1 Changed 11 years ago by jmoore

  • Cc stephen.ogg at FCORNELI@… added; stephen.ogg at FCORNELI at removed

comment:2 Changed 11 years ago by jmoore

  • Cc stephen.ogg@… added; stephen.ogg at removed

comment:3 Changed 11 years ago by jmoore

  • Milestone changed from OMERO-Beta4.1 to OMERO-Beta4.2

comment:4 Changed 11 years ago by jmoore

  • Cc cxallan added
  • Description modified (diff)

The liferay integration uses the following parameters:




comment:5 Changed 10 years ago by jmoore

(In [6550]) fix #2025 - Fixing ldap tests post-refactoring (see #1382)

With this commit, the basic reconfiguration of LDAP is finished.
Usability and performance improvements should be added to #1382

comment:6 Changed 10 years ago by jmoore

As a follow up on #2025, the new properties which we are currently testing are:


The filters and mappings are as in the liferay documentation above. The "new_user_group" property is an experiment to allow for various styles of mapping:

  • no prefix implies use the static group named "${omero.ldap.new_user_group}"
  • the ":ou:" prefix means map the user's last organizational unit to a group name, "ou=IT,ou=division,o=college" would map to a group of "IT"
  • the ":attribute:" prefix means take the possibly multi-valued attribute defined and add the user to all groups
  • the ":query:" attribute is a query run under the group filter which has all the user mapping properties plus "${dn}" available to it, so that the above example looks for all groupOfNames with a member attribute with the dn as a value
  • a possible (unimplemented) prefix ":bean:" could allow for implementing one's own NewUserGroupMapper
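
The prefix styles listed in comment:6, sketched as an added example (this is not OMERO's code and not part of the ticket). The function names, the attribute name `memberOf` and the filter template `(member=${dn})` are constructed for illustration, and the RFC 4515 escaping of the DN before it is substituted into the group filter is a choice of this example, not something the ticket states.

```python
import re

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        # These characters change filter structure if left raw.
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)

def split_dn(dn):
    """Split a DN into (type, value) pairs on unescaped commas (simplified)."""
    pairs = []
    for rdn in re.split(r'(?<!\\),', dn):
        key, _, val = rdn.strip().partition('=')
        pairs.append((key.strip().lower(), val.strip()))
    return pairs

def resolve_new_user_group(spec, dn, attributes):
    """Return ('groups', [names]) or ('query', ldap_filter) for a spec string."""
    if spec.startswith(':ou:'):
        # "ou=IT,ou=division,o=college" -> "IT": the ou nearest the user entry.
        ous = [v for k, v in split_dn(dn) if k == 'ou']
        if not ous:
            raise ValueError('DN has no ou component: %r' % dn)
        return ('groups', [ous[0]])
    if spec.startswith(':attribute:'):
        # Possibly multi-valued attribute: one group per value.
        name = spec[len(':attribute:'):]
        return ('groups', list(attributes.get(name, [])))
    if spec.startswith(':query:'):
        # ${dn} is substituted only after escaping, so a DN containing
        # "*", "(" or ")" cannot widen or rewrite the group filter.
        template = spec[len(':query:'):]
        return ('query', template.replace('${dn}', escape_filter_value(dn)))
    if spec.startswith(':'):
        raise ValueError('unknown prefix in %r' % spec)
    # No prefix: the value is the static group name.
    return ('groups', [spec])

# Constructed sample inputs.
SAMPLE_DN = 'cn=a*(b),ou=IT,ou=division,o=college'
SAMPLE_ATTRS = {'memberOf': ['imaging', 'microscopy']}
```
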

comment:7 Changed 10 years ago by jmoore

  • Description modified (diff)

comment:8 Changed 10 years ago by jmoore

  • Description modified (diff)

comment:9 Changed 10 years ago by jmoore

(In [6916]) see #1382 - Ldap tests and NewUserGroupBean interface. See also #2029

This interface is only responsible for adding groups based on newly
created users. and PasswordProvider
are two other interfaces which are available. The three together may
be sufficient for #2029.

comment:10 Changed 10 years ago by jmoore

  • Description modified (diff)

comment:11 Changed 10 years ago by cxallan

A single user filter such as:


Does not allow users that match to log in.

comment:12 Changed 9 years ago by jmoore

  • Description modified (diff)
  • Priority changed from major to critical

comment:13 Changed 8 years ago by jmoore

  • Description modified (diff)

comment:14 Changed 8 years ago by agilo

  • Status changed from new to accepted

Updated status, related task in progress
